1
0
mirror of https://github.com/laurivosandi/certidude synced 2024-12-22 16:25:17 +00:00

api: lease: drop usage of global authority import

This commit is contained in:
Priit Laes 2018-02-03 12:43:21 +02:00
parent 937c81bd5f
commit be454d7a65
2 changed files with 11 additions and 5 deletions

View File

@ -233,13 +233,13 @@ def certidude_app(log_handlers=[]):
# API calls used by pushed events on the JS end
app.add_route("/api/signed/{cn}/tag/", TagResource())
app.add_route("/api/signed/{cn}/lease/", LeaseDetailResource())
app.add_route("/api/signed/{cn}/lease/", LeaseDetailResource(authority))
# API call used to delete existing tags
app.add_route("/api/signed/{cn}/tag/{tag}/", TagDetailResource())
# Gateways can submit leases via this API call
app.add_route("/api/lease/", LeaseResource())
app.add_route("/api/lease/", LeaseResource(authority))
# Bootstrap resource
app.add_route("/api/bootstrap/", BootstrapResource(authority))

View File

@ -5,7 +5,7 @@ import logging
import os
import xattr
from datetime import datetime
from certidude import config, authority, push
from certidude import config, push
from certidude.auth import login_required, authorize_admin, authorize_server
from certidude.decorators import serialize
@ -14,12 +14,15 @@ logger = logging.getLogger(__name__)
# TODO: lease namespacing (?)
class LeaseDetailResource(object):
def __init__(self, authority):
self.authority = authority
@serialize
@login_required
@authorize_admin
def on_get(self, req, resp, cn):
try:
path, buf, cert, signed, expires = authority.get_signed(cn)
path, buf, cert, signed, expires = self.authority.get_signed(cn)
return dict(
last_seen = xattr.getxattr(path, "user.lease.last_seen").decode("ascii"),
inner_address = xattr.getxattr(path, "user.lease.inner_address").decode("ascii"),
@ -30,6 +33,9 @@ class LeaseDetailResource(object):
class LeaseResource(object):
def __init__(self, authority):
self.authority = authority
@authorize_server
def on_post(self, req, resp):
client_common_name = req.get_param("client", required=True)
@ -38,7 +44,7 @@ class LeaseResource(object):
if "," in client_common_name:
client_common_name, _ = client_common_name.split(",", 1)
path, buf, cert, signed, expires = authority.get_signed(client_common_name) # TODO: catch exceptions
path, buf, cert, signed, expires = self.authority.get_signed(client_common_name) # TODO: catch exceptions
if req.get_param("serial") and cert.serial_number != req.get_param_as_int("serial"): # OCSP-ish solution for OpenVPN, not exposed for StrongSwan
raise falcon.HTTPForbidden("Forbidden", "Invalid serial number supplied")
now = datetime.utcnow().strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z"